If you want to use AD credentials to access the SEPM console, it possible to console authentication with Active Directory Account, you have to configure Directory Authentication option in SEPM console.

We are using this on very large AD (80'000 users and >100'000 group's).
Works all fine, but you have to have MP2 on the client. Before MP2 the OU-Client matching was not working all the time and you found many clients in your default group.

the default mode (push) means that as soon as the SEP client is started, it establishes a connection to the SEPM and maintains that connection.

In this case, AS SOON as the SEPM downloads new definitions, it notifies all connected clients that new definitions are available. the cliet will then retrieve the file(s) from the SEPM (which acts essentially as an internal You should never have to execute a command from the SEPM to force the client to update ...